D0 N0 H4RM: A Healthcare Security Conversation

Presented at DEF CON 28 (2020) Virtual, Aug. 7, 2020, 8 p.m. (30 minutes)

It is certainly a time of discovery- though the truths revealed by the COVID-19 crisis can be bitter and bleak. At a time when all attention is focused on the ERs and ICUs that make up the battle's front lines, it is easy to cast aside old warnings to focus solely on the clinical war. But the need for safety and security only increases in the face of a pandemic- and healthcare cybersecurity is no different. From testing to ventilators, every facet of our response to COVID-19 depends on trustworthy and reliable technology. D0 No H4rm- DEF CON's continuing conversation on healthcare returns for another up close (but not too close) and personal dialogue between hackers at the top of their fields- from the halls of the FDA to the cutting edge of medical devices security research for an all-encompassing look at what we need to focus on in the age of COVID. Moderated by physician hackers quaddi and r3plicant, this perennially packed event aims to recruit the talent, ingenuity, and vision of the DEF CON family for the challenges we face both now and after the immediate crisis passes.

Presenters:

• Jeff Tully MD / r3plicant - Anesthesiologist at The University of California Davis   as Jeff "r3plicant" Tully MD
  Jeff (r3plicant) Tully is an anesthesiologist, pediatrician and security researcher with an interest in understanding the ever-growing intersections between healthcare and technology. @JeffTullyMD
• Christian Dameff MD MS / quaddi - Physician & Medical Director of Security at The University of California San Diego   as Christian "quaddi" Dameff MD
  Christian (quaddi) Dameff MD is an Assistant Professor of Emergency Medicine, Biomedical Informatics, and Computer Science (Affiliate) at the University of California San Diego. He is also a hacker, former open capture the flag champion, and prior DEF CON/RSA/Blackhat/HIMSS speaker. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization. Published security research topics including hacking critical healthcare infrastructure, medical devices and the effects of malware on patient care. This is his sixteenth DEF CON. @CDameffMD
• Vidya Murthy - Vice President Operations, MedCrypt
  Vidya is fascinated by the impact of cybersecurity on the healthcare space. Beginning her career in consulting, she realized a passion for healthcare and worked for global medical device manufacturer Becton Dickinson. She has since joined MedCrypt, a company focused on bringing cybersecurity leading practices to medical device manufacturers. Vidya holds an MBA from the Wharton School.
• Ash Luft - Software Engineer Starfish Medical
  Ash Luft is an Embedded Software Engineer with a background in Computer Science, Biochemistry, and Electrical Engineering. With industry experience in Software and Biomedical Device Development, Ash specializes in designing for and implementing safety, security, and privacy in Clinical IoT and Medical Devices. Ash is passionate about protecting patient outcomes while delivering cost-effective, high quality solutions.
• Veronica Schmitt - Assistant Professor, Noroff University
  Veronica started her forensic career in 2008. She is currently an Assistant Professor at Noroff University, where she has been given her own Minions to plan her world domination.. Veronica serves as part of the WoSEC board of directors, and the board of directors of DFIRLABS that specializes in the investigation of complex incidents. Veronica holds a Master in Science at Rhodes University in Information Security with specialisation in the forensic analysis of malware. Veronica has also received training overseas in cybercrime investigation and digital forensics from the US Department of Homeland Security, the International Association of Computer Investigative Specialists, and the SANS Institute. She is also an Independent Security researcher currently working with Medtronic which is one of the largest Medical Device Manufacturers. She prides herself in keeping patients safe as this is something which is near to her heart. She is also a cyborg sporting an embedded medical device herself. She also has spoken extensively internationally, including at the SANS DFIR Summit, and DEF CON Villages. She also is a DEF CON Goon and she is the founder of DC2751. Her particular research interests include research into security vulnerabilities in medical devices forming part of the Internet of Things, and how these could be exploited by malicious attackers, as well as what types of forensic artefacts could be identified from any attacks. She is extremely passionate about protecting people whose lives depend on these medical devices, and her passion saw her becoming a member of the security research group, I am the Cavalry. At her core Veronica is a forensicator and in love with every bit, byte and nibble of knowledge she has obtained. @P01z0n_P1x13
• Jessica Wilkerson - Cyber Policy Advisor, FDA
  Jessica Wilkerson is a Cyber Policy Advisor with the All Hazards Readiness, Response, and Cybersecurity (ARC) team in the Center for Devices and Radiological Health (CDRH) within the Food and Drug Administration (FDA). As part of ARC, she examines issues and develops policy related to the safety and effectiveness of connected medical devices. Previously, she worked as the Cybersecurity Research Director for the Linux Foundation, and spent over five years as a congressional staffer with the House Committee on Energy and Commerce, covering cybersecurity issues in the telecommunications, commercial, energy, and health sectors. As part of that work, she examined issues related to coordinated vulnerability disclosure, software supply-chain transparency, legacy technology risks, and cybersecurity governance models, among others. She has a background in mathematics and computer science. She received a B.A. in Policy Studies and minors in Computer Science and Mathematics from Syracuse University, and is currently pursuing a J.D. from the Catholic University of America's Columbus School of Law."

Links:

• https://defcon.org/html/defcon-safemode/dc-safemode-speakers.html#Dameff
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Christian “quaddi” Dameff MD and panel - D0 N0 H4RM - A Healthcare Security Conversation - Q&A.mp4
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Christian “quaddi” Dameff MD and panel - D0 N0 H4RM - A Healthcare Security Conversation.mp4
• https://infocon.org/cons/DEF CON/DEF CON 28/DEF CON Safe Mode video and slides/DEF CON Safe Mode - Christian “quaddi” Dameff MD and panel - D0 N0 H4RM - A Healthcare Security Conversation.srt (subtitles)
• https://www.youtube.com/watch?v=fAU7V3pvj1Q

Similar Presentations:

• DEF CON 30 (2022) / D0 N0 H4RM: A Healthcare Security Conversation (Lounge)
• DEF CON 29 (2021) / D0 N0 H4RM: A Healthcare Security Conversation
• DEF CON 25 (2017) / D0 No H4RM: A Healthcare Security Conversation